In the diary entries "Huge Signed PE File" and "Huge Signed PE File: Keeping The Signature" I explain how to get rid of the overlay in a huge PE file. But what commands do you need to issue if you do want the overlay (e.g., for analysis)? Follow the steps as I explained there, up until the extraction of the stripped PE file (-g s). Then issue a similar extraction command, but use -g o (o stands for overlay) to extract the overlay instead.

Didier Stevens
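To show what "the overlay" actually is, here is an added, stand-alone Python example (not pecheck.py and not code from the diary): it locates the overlay as everything past the end of the last section's raw data, which is the region that, in a signed file, also holds the Authenticode signature. The sample PE it parses is constructed in memory and is not a real executable.

```python
import struct

def overlay_offset(data: bytes) -> int:
    """File offset where the overlay starts (len(data) if there is none).
    Overlay = bytes after the highest PointerToRawData + SizeOfRawData."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    sec_table = coff + 20 + opt_size
    end = sec_table + num_sections * 40      # at least the headers
    for i in range(num_sections):
        # SizeOfRawData at +16 and PointerToRawData at +20 in each 40-byte entry
        raw_size, raw_ptr = struct.unpack_from("<II", data, sec_table + i * 40 + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    return min(end, len(data))

def extract_overlay(data: bytes) -> bytes:
    """The overlay bytes, i.e. what -g o would hand you for analysis."""
    return data[overlay_offset(data):]

def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed minimal PE image: one section with raw data at 0x200..0x400,
    followed by the given overlay bytes (hypothetical test input, not a real file)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytes(0xE0)                                 # zeroed optional header
    section = b".text\0\0\0" + struct.pack(
        "<IIIIIIHHI", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + opt + section
    return headers.ljust(0x200, b"\0") + b"\xCC" * 0x200 + overlay

if __name__ == "__main__":
    sample = build_sample_pe(b"OVERLAY-DATA")
    print(hex(overlay_offset(sample)), extract_overlay(sample))
```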
Didier Stevens, ISC Handler, May 29th 2022